Congress Should Not Use Cybersecurity Legislation as a Pretext to Weaken FOIA
As the U.S. Senate prepares to take up the Cybersecurity Information Sharing (“CISA”) Act, S. 754, open government organizations, privacy and civil liberties defenders, security experts, and tech companies are mobilizing to voice opposition to the bill.
OpenTheGovernment.org is particularly concerned with the harm the bill would do to the Freedom of Information Act and transparency more generally. Open government organizations sent letters to Congress in June, and in March of this year, calling on the Senate to oppose the bill.
CISA would add a new exemption to the Freedom of Information Act for the first time since 1967. Section 10 of the bill provides that any and all “information shared with or provided to the Federal Government pursuant to the Cybersecurity Information Sharing Act of 2015” is exempt from disclosure under FOIA—even if it is private information unrelated to a cybersecurity threat. Supporters of CISA have never explained why it is necessary to add a new exemption in FOIA for the first time in decades–particularly since other parts of the bill require ‘cyber threat indicators and defensive measures” to be “withheld without discretion” under existing FOIA exemptions. There are serious concerns that CISA will enable government surveillance and that companies will turn over private information without adequate safeguards. Exempting all information provided under CISA from disclosure will make it impossible to understand or limit these risks.
Passing CISA would also give jurisdiction over FOIA to the most secretive committee in the Senate. CISA was drafted and marked up in secret by the Senate Select Committee on Intelligence (SSCI), which almost never holds public hearings and has never held one on this legislation. The Senate Judiciary Committee, which has jurisdiction over FOIA, has never held hearings or had an opportunity to consider the justification for the new FOIA exemption. Allowing SSCI to write new exemptions to FOIA, without any public consideration or input from the Judiciary Committee, could set a dangerous precedent for further weakening the law at the intelligence community’s request.
Additionally, the bill, among its other major privacy and civil liberties concerns, overlooks the basic defensive measures needed to prevent breaches like recent Office Personnel Management (OPM) hack in favor of a focus on limiting companies’ liability and supplying the intelligence community with new means of surveillance.
OpenTheGovernment.org has joined 67 other signatories (39 organizations and 29 security experts), calling on the Obama Administration to threaten to veto the CISA bill. That letter was sent to President Obama yesterday.
Join the campaign by blogging or tweeting (use the hashtag #StopCISA). You can also send a fax, as organizations have programmed eight separate phone lines to convert emails to send them to Senators at FaxBigBrother.com (#faxbigbrother).